TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
933
Signature Description: The Simple Network Management Protocol (SNMP) is a protocol used in network management
systems to monitor network-attached devices for conditions that warrant administrative attention. It consists of a set of
standards for network management, including an Application Layer protocol, a database schema, and a set of data
objects. SNMPv3 is defined by RFCs 3411 to 3418. SNMPv3 was primarily added security and remote configuration
enhancements to SNMP. The IETF has designated SNMPv3 as a full Internet Standard - the highest maturity level for
an RFC. Multiple Implementations of SNMP protocol are vulnerable as they rely on the client to specify the HMAC
length. This makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only
checks the first byte. Please update the software as per your vendor advisory.
Signature ID: 35357
Cisco 675 DSL Router DoS Vulnerability
Threat Level: Warning
Industry ID: CVE-2001-0058 Nessus: 10561
Signature Description: Cisco Broadband Operating System is the operating system for Cisco 600 series routers.The
Cisco 600 series routed are small office/home office (SOHO)/telecommuter DSL routers. The Web interface to Cisco
600 series routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that
does not end in a space character. The administrator needs to reboot it to make the router work again. A cracker may
use this flaw to crash this host, thus preventing your network from working properly. This signature detects any URL
which does not have a space in the GET request line.
Signature ID: 35365
Cisco WLSE/HSE Default Username vulnerability
Threat Level: Severe
Industry ID: CVE-2004-0391 Bugtraq: 10076
Signature Description: Cisco Wireless LAN Solution Engine (WLSE) devices provide centralized management
including monitoring, network security, and optimization for the autonomous Cisco Aironet WLANs. Cisco Hosting
Solution Engine (HSE) is hardware-based solution for e-business operations in Cisco powered data centers. Cisco
Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a
hard coded user name and password, which allows remote attackers to add new users, modify existing users, and
change configuration. A successful attacker can gain access to sensitive data, cause DoS attacks, and can launch
various attacks from the devices under his control. The signature detects the 'r' character in user's password.
Signature ID: 35366
Cisco Secure Access Control Server HTTP Request Overflow vulnerability
Threat Level: Warning
Industry ID: CVE-2007-0105 Bugtraq: 21900
Signature Description: Cisco Secure Access Control Server (ACS) is an access policy control platform. Stack-based
buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and
ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
This signature detects a long post field in a GET request.
Signature ID: 35367
Cisco Catalyst Supervisor Remote Reload vulnerability
Threat Level: Warning
Industry ID: CVE-1999-0430
Bugtraq: 705
Signature Description: Catalyst is the brand name for a variety of network switches sold by Cisco Systems. Cisco
Catalyst 5000 Supervisor versions 2.1(5) or prior contain an issue that could allow a remote attacker to crash the
device, resulting in a denial of service (DoS) condition. The issue is due to insufficient handling of network packets on
port 7161/tcp. Sending a specially crafted packet to an affected device will cause the device to reload. The packet